Skip to content

crda-javascript-api 0.0.2-ea.4

Install from the command line:
Learn more about npm packages
$ npm install @rhecosystemappeng/crda-javascript-api@0.0.2-ea.4
Install via package.json:
"@rhecosystemappeng/crda-javascript-api": "0.0.2-ea.4"

About this version

CodeReady Dependency Analytics JavaScript API
latest-no-snapshot latest-snapshot

This project is still a WIP. Currently, only Java's Maven ecosystem is implemented.

The Crda JavaScript API module is deployed to GitHub Package Registry.

Looking for our Java API? Try Crda Java API.

Click here for configuring GHPR and gaining access to the crda-javascript-api module.

Create your token

Create a token with the read:packages scope

Based on GitHub documentation, In Actions you can use GITHUB_TOKEN

Configure GHPR access for NPM

Add the following line to the .npmrc file in your user home ( See GH Docs):

//npm.pkg.github.com/:_authToken=<your-ghp-token-goes-here>

Usage

Instruct NPM to look in GHPR for the RHEcosystemAppEng namespace.
Add @RHEcosystemAppEng:registry=https://npm.pkg.github.com to .npmrc in the project root or user home: 

echo "@RHEcosystemAppEng:registry=https://npm.pkg.github.com" >> .npmrc
  • Use as ESM Module

npm install @RHEcosystemAppEng/crda-javascript-api
import crda from '@RHEcosystemAppEng/crda-javascript-api'
import fs from 'node:fs'

// Get stack analysis in JSON format
let jsonStackAnalysis = await crda.stackAnalysis('/path/to/pom.xml')
// Get stack analysis in HTML format (string)
let htmlStackAnalysis = await crda.stackAnalysis('/path/to/pom.xml', true)

// Get component analysis in JSON format
let buffer = fs.readFileSync('/path/to/pom.xml')
let jsonComponentAnalysis = await crda.componentAnalysis('pom.xml', buffer.toString())
  • Use as CLI Script

    • $ npx @RHEcosystemAppEng/crda-javascript-api help

Usage: crda-javascript-api {component|stack}

Commands:
  crda-javascript-api stack </path/to/manifest> [--html|--summary]               produce stack report for manifest path
  crda-javascript-api component <manifest-name> <manifest-content> [--summary]   produce component report for a manifest type and content

Options:
  --help  Show help                                                    [boolean]
    # get stack analysis in json format
$ npx @RHEcosystemAppEng/crda-javascript-api stack /path/to/pom.xml

# get stack analysis in json format (summary only)
$ npx @RHEcosystemAppEng/crda-javascript-api stack /path/to/pom.xml --summary

# get stack analysis in html format format
$ npx @RHEcosystemAppEng/crda-javascript-api stack /path/to/pom.xml --html

# get component analysis
$ npx @RHEcosystemAppEng/crda-javascript-api component pom.xml "$(</path/to/pom.xml)"
  • Use as Global Binary

    • npm install --global @RHEcosystemAppEng/crda-javascript-api
    # get stack analysis in json format
$ crda-javascript-api stack /path/to/pom.xml

# get stack analysis in json format (summary only)
$ crda-javascript-api stack /path/to/pom.xml --summary

# get stack analysis in html format format
$ crda-javascript-api stack /path/to/pom.xml --html

# get component analysis
$ crda-javascript-api component pom.xml "$(</path/to/pom.xml)"

    Excluding Packages

    Excluding a package from any analysis can be achieved by marking the package for exclusion.

    • Java Maven (pom.xml)
    <dependency> <!--crdaignore-->
  <groupId>...</groupId>
  <artifactId>...</artifactId>
  <version>...</version>
</dependency>

    Tokens

    If you wish the report to include other vulnerabilities data and resolutions which is only available to registered users. You can include the various vulnerability vendor data token as environment variables. Currently, only _Snyk_ is supported.

    Available environment variables:

    • CRDA_SNYK_TOKEN

    Details

    Assets

    • crda-javascript-api-0.0.2-ea.4.tgz

    Download activity

    • Total downloads 0
    • Last 30 days 0
    • Last week 0
    • Today 0

    Recent versions

    View all